Assurance, Security and Prvy - Important Notes

In a __, each information asset is assigned a score for each of a set of assigned critical factor.

__ is simply how often you expect a specific type of attack to occur.

The __ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

__ policies address the particular use of certain systems.

The __ strategy attempts to prevent the exploitation of the vulnerability.

The __ is a methodology for the design and implementation of an information system in an organization.

The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the __ plan.

There are individuals who search trash and recycling — a practice known as __ — to retrieve information that could embarrass a company or compromise information security.

In the U.S. Military classification scheme, __ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.

Many corporations use a __ to help secure the confidentiality and integrity of information.

Risk __ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

A mail server that has a vulnerability which involves a hardware failure with a likelihood of 0.4. The mail server has an impact rate of 80. One control has been implemented that reduces the impact of vulnerability by 50%. Assumptions made on this asset have an 70% certainty.

______ is the percentage of value an asset lost due to an incident.

______ policies are more specific to the operation of a system than ACLs, and they may or may not deal with users directly.

Risk ______ is the application of controls to reduce the risks of an organization's data and information systems

______ equals likelihood of vulnerability occurrence time value (or impact) minus percentage risk already controlled plus an element of uncertainty.

Person or element that has the power to carry out a threat

The formal decision making process used when considered the economic feasibility of implementing information security controls and safeguard is called a ______.

The ______ strategy attempts to shift risk to other assets, other process, or other organizations.

______ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.

The __ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

__ is any technology that aids in gathering information about a person or organization without their knowledge.

Acts of __ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

A __ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

One form of online vandalism is __ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

In the well-known __ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.

__ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.

In a __ attack, the attacker sends a large number of connection or information requests to a target.

__ are software programs that hide their true nature, and reveal their designed behavior only when activated.

A computer is the __ of an attack when it is used to conduct the attack.

The first phase in the development of the contingency planning process is the __.

__-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.

A buffer against outside attacks is frequently referred to as a __.

The __ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

A __ site provides only rudimentary services and facilities.

A(n) __ plan deals with the identification, classification, response, and recovery from an incident.

__ often function as standards or procedures to be used when configuring or maintaining systems.

The website asset has an impact value score 90 and has one vulnerability. The vulnerability has likelihood of 0.7 with no controls in place. Assuming that the assumptions and data are 60% certain. Find the risk of the web site asset.